// based on work by Todd Wease
#include "dce_co.h"
-#include "dce_tcp.h"
+
+#include "main/snort_debug.h"
+#include "utils/util.h"
+
#include "dce_smb.h"
-#include "dce_tcp_module.h"
#include "dce_smb_module.h"
-#include "dce_list.h"
-#include "dce_utils.h"
+#include "dce_tcp.h"
+#include "dce_tcp_module.h"
#include "dce_smb_utils.h"
-#include "log/messages.h"
-#include "main/snort_debug.h"
-#include "utils/util.h"
-#include <assert.h>
THREAD_LOCAL int co_reassembled = 0;
#include "dce_common.h"
#include "dce_list.h"
-#include "dce_utils.h"
#define DCE2_CO_BAD_MAJOR_VERSION 27
#define DCE2_CO_BAD_MINOR_VERSION 28
// dce_common.cc author Rashmi Pitre <rrp@cisco.com>
#include "dce_common.h"
-#include "dce_tcp.h"
-#include "dce_smb.h"
-#include "dce_co.h"
-#include "dce_smb_utils.h"
-#include "framework/base_api.h"
-#include "framework/module.h"
-#include "flow/flow.h"
-#include "log/messages.h"
-#include "main/snort_debug.h"
+
#include "detection/detect.h"
#include "ips_options/extract.h"
-#include "protocols/packet_manager.h"
-#include "events/event_queue.h"
-#include "framework/codec.h"
-#include "main/snort.h"
-#include "framework/endianness.h"
+#include "log/messages.h"
#include "utils/safec.h"
+#include "dce_smb_utils.h"
+#include "dce_tcp.h"
+
THREAD_LOCAL int dce2_detected = 0;
THREAD_LOCAL DCE2_CStack* dce2_pkt_stack = nullptr;
THREAD_LOCAL int dce2_inspector_instances = 0;
#ifndef DCE_COMMON_H
#define DCE_COMMON_H
-#include "dce_utils.h"
-#include "dce_list.h"
-#include "main/snort_types.h"
-#include "framework/module.h"
-#include "framework/inspector.h"
-#include "protocols/packet.h"
#include "events/event_queue.h"
+#include "framework/counts.h"
+#include "framework/value.h"
+#include "protocols/packet.h"
+
+#include "dce_list.h"
extern const InspectApi dce2_smb_api;
extern const InspectApi dce2_tcp_api;
****************************************************************************/
#include "dce_list.h"
-#include "dce_utils.h"
-#include "utils/util.h"
#include "main/snort_debug.h"
+#include "utils/util.h"
/********************************************************************
* Private function prototyes
// dce_smb.cc author Rashmi Pitre <rrp@cisco.com>
#include "dce_smb.h"
-#include "dce_smb2.h"
+
+#include "detection/detect.h"
+#include "file_api/file_service.h"
+#include "protocols/packet.h"
+#include "utils/util.h"
+
+#include "dce_smb_module.h"
#include "dce_smb_utils.h"
#include "dce_smb_paf.h"
-#include "dce_smb_module.h"
#include "dce_smb_commands.h"
#include "dce_smb_transaction.h"
-#include "dce_list.h"
-#include "main/snort_debug.h"
-#include "file_api/file_service.h"
-#include "utils/util.h"
-#include "detection/detect.h"
+#include "dce_smb2.h"
THREAD_LOCAL int dce2_smb_inspector_instances = 0;
}
// This is the main entry point for SMB processing
-void DCE2_SmbProcess(DCE2_SmbSsnData* ssd)
+static void DCE2_SmbProcess(DCE2_SmbSsnData* ssd)
{
if (DCE2_GcIsLegacyMode((dce2SmbProtoConf*)ssd->sd.config))
{
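Review bot: `ssd` is dereferenced on the first line of `DCE2_SmbProcess` (`ssd->sd.config`) with no null guard, and now that the changed signature gives the function internal linkage, every caller lives in this file, so the non-null precondition can be checked once and written down. I would extend the existing comment to `// Main entry point for SMB processing; file-local, ssd must be non-null`. The `static` is only consistent if the old external prototype was also removed from the header, which this hunk does not show; the same applies to `DCE2_ClCleanTracker`, which is made `static` later in this commit. The function body continues outside the hunk.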
#ifndef DCE_SMB_H
#define DCE_SMB_H
-#include "dce_common.h"
-#include "dce_co.h"
-#include "protocols/packet.h"
-#include "profiler/profiler.h"
#include "framework/counts.h"
+#include "protocols/packet.h"
+#include "profiler/profiler_defs.h"
+
+#include "dce_co.h"
#define DCE2_SMB_NAME "dce_smb"
#define DCE2_SMB_HELP "dce over smb inspection"
// Author(s): Hui Cao <huica@cisco.com>
#include "dce_smb2.h"
-#include "dce_list.h"
-#include "dce_smb_module.h"
-#include "dce_smb_utils.h"
+
#include "detection/detection_util.h"
-#include "main/snort_debug.h"
#include "file_api/file_flows.h"
+#include "dce_smb_module.h"
+#include "dce_smb_utils.h"
+
#define UNKNOWN_FILE_SIZE ~0
// FIXIT-L port fileCache related code along with
#define _DCE_SMB2_H_
#include "dce_smb.h"
-#include "dce_utils.h"
#define SMB2_FLAGS_ASYNC_COMMAND 0x00000002
// Smb commands processing
#include "dce_smb_commands.h"
-#include "dce_smb_transaction_utils.h"
-#include "dce_smb_module.h"
#include "main/snort_debug.h"
#include "utils/util.h"
-#include "detection/detect.h"
+
+#include "dce_smb_module.h"
+#include "dce_smb_transaction_utils.h"
#define SMB_DIALECT_NT_LM_012 "NT LM 0.12" // NT LAN Manager
// dce_smb_module.cc author Rashmi Pitre <rrp@cisco.com>
#include "dce_smb_module.h"
-#include "dce_smb.h"
-#include "dce_common.h"
-#include "dce_co.h"
#include "main/snort_config.h"
+#include "dce_smb.h"
+
using namespace std;
static const PegInfo dce2_smb_pegs[] =
// based on work by Todd Wease
#include "dce_smb_paf.h"
-#include "dce_smb.h"
-#include "dce_common.h"
+
#include "main/snort_debug.h"
-#include "protocols/packet.h"
+
+#include "dce_smb.h"
/*********************************************************************
* Function: DCE2_PafSmbIsValidNetbiosHdr()
#ifndef DCE_SMB_PAF_H
#define DCE_SMB_PAF_H
-#include "main/snort_types.h"
#include "stream/stream_splitter.h"
#define DCE2_SMB_PAF_SHIFT(x64, x8) { x64 <<= 8; x64 |= (uint64_t)x8; }
// Smb transaction commands processing
#include "dce_smb_transaction.h"
-#include "dce_smb_transaction_utils.h"
-#include "dce_smb_utils.h"
-#include "dce_smb_module.h"
#include "main/snort_debug.h"
-#include "utils/util.h"
-#include "detection/detect.h"
+
+#include "dce_smb_transaction_utils.h"
#define DCE2_SMB_TRANS__NONE 0x00
#define DCE2_SMB_TRANS__DATA 0x01
// Smb transaction commands utils
-#include "dce_smb.h"
-#include "dce_utils.h"
-#include "dce_smb_module.h"
+#include "dce_smb_transaction_utils.h"
#include "main/snort_debug.h"
-#include "utils/util.h"
-#include "detection/detect.h"
#define TRANS_NM_PIPE_0 (0)
#define TRANS_NM_PIPE_1 (TRANS_NM_PIPE_0+7)
// dce_smb_utils.cc author Maya Dagon <mdagon@cisco.com>
// based on work by Todd Wease
-#include "dce_smb.h"
#include "dce_smb_utils.h"
-#include "dce_smb_module.h"
-#include "dce_list.h"
-#include "main/snort_debug.h"
-#include "utils/util.h"
-#include "detection/detect.h"
-#include "file_api/file_api.h"
-#include "file_api/file_flows.h"
+
#include "detection/detection_util.h"
+#include "file_api/file_flows.h"
+#include "utils/util.h"
+
+#include "dce_smb_module.h"
/********************************************************************
* Private function prototypes
// based on work by Todd Wease
#include "dce_tcp.h"
-#include "dce_tcp_paf.h"
-#include "dce_tcp_module.h"
-#include "dce_co.h"
-#include "main/snort_debug.h"
+
#include "detection/detect.h"
-#include "log/messages.h"
-#include "protocols/packet_manager.h"
#include "utils/util.h"
+#include "dce_tcp_module.h"
+#include "dce_tcp_paf.h"
+
Dce2TcpFlowData::Dce2TcpFlowData() : FlowData(flow_id)
{
}
#ifndef DCE_TCP_H
#define DCE_TCP_H
+#include "profiler/profiler_defs.h"
+
#include "dce_co.h"
-#include "protocols/packet.h"
-#include "profiler/profiler.h"
-#include "framework/counts.h"
#define DCE2_TCP_NAME "dce_tcp"
#define DCE2_TCP_HELP "dce over tcp inspection"
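Review bot: With `framework/counts.h` and `protocols/packet.h` removed, this header appears to reach both only transitively through `dce_co.h`, while the dce_smb.h section of the same commit keeps them as direct includes. If the declarations below the hunk use types from those headers (not visible here), keeping `#include "framework/counts.h"` next to `profiler/profiler_defs.h` would leave the header self-contained should `dce_co.h` be trimmed later. The dce_udp.h section drops the same two includes and relies on `dce_common.h` in the same way.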
// dce_tcp_module.cc author Rashmi Pitre <rrp@cisco.com>
#include "dce_tcp_module.h"
+
+#include "log/messages.h"
+
#include "dce_tcp.h"
-#include "dce_common.h"
-#include "main/snort_config.h"
-#include "dce_co.h"
using namespace std;
// based on work by Todd Wease
#include "dce_tcp_paf.h"
-#include "dce_tcp.h"
-#include "dce_common.h"
+
#include "main/snort_debug.h"
+#include "dce_tcp.h"
+
/*********************************************************************
* Function: dce2_tcp_paf()
*
#define DCE_TCP_PAF_H
#include "dce_common.h"
-#include "main/snort_types.h"
#include "stream/stream_splitter.h"
#define DCE2_DEBUG__PAF_START_MSG_TCP "DCE/RPC over TCP PAF ====================================="
// based on work by Todd Wease
#include "dce_udp.h"
-#include "dce_udp_module.h"
-#include "main/snort_debug.h"
+
#include "detection/detect.h"
-#include "log/messages.h"
-#include "protocols/packet_manager.h"
-#include "utils/util.h"
+
+#include "dce_udp_module.h"
THREAD_LOCAL int dce2_udp_inspector_instances = 0;
THREAD_LOCAL ProfileStats dce2_udp_pstat_cl_frag;
THREAD_LOCAL ProfileStats dce2_udp_pstat_cl_reass;
-void DCE2_ClCleanTracker(DCE2_ClTracker* clt)
+static void DCE2_ClCleanTracker(DCE2_ClTracker* clt)
{
if (clt == nullptr)
return;
#ifndef DCE_UDP_H
#define DCE_UDP_H
+#include "profiler/profiler_defs.h"
+
#include "dce_common.h"
-#include "dce_list.h"
-#include "protocols/packet.h"
-#include "profiler/profiler.h"
-#include "framework/counts.h"
#define DCE2_UDP_NAME "dce_udp"
#define DCE2_UDP_HELP "dce over udp inspection"
// dce_udp_module.cc author Maya Dagon <mdagon@cisco.com>
#include "dce_udp_module.h"
+
+#include "log/messages.h"
+
#include "dce_udp.h"
-#include "dce_common.h"
-#include "main/snort_config.h"
using namespace std;
//--------------------------------------------------------------------------
#include "dce_utils.h"
+
#include "main/snort_debug.h"
#include "utils/util.h"
#include "utils/safec.h"
#define DCE_UTILS_H
#include <ctype.h>
+#include <string.h>
#include "main/snort_types.h"
-#include "utils/util.h"
/********************************************************************
* Macros
// ips_dce_iface.cc author Maya Dagon <mdagon@cisco.com>
// based on work by Todd Wease
-#include "dce_utils.h"
-#include "dce_common.h"
#include <cerrno>
-#include "framework/ips_option.h"
-#include "framework/module.h"
-#include "framework/parameter.h"
-#include "framework/range.h"
-#include "detection/detect.h"
#include "detection/detection_defines.h"
#include "detection/pattern_match_data.h"
-#include "hash/sfhashfcn.h"
+#include "framework/module.h"
+#include "framework/ips_option.h"
+#include "framework/range.h"
#include "profiler/profiler.h"
#include "target_based/snort_protocols.h"
-#include "main/snort_debug.h"
+#include "utils/util.h"
+
+#include "dce_common.h"
//-------------------------------------------------------------------------
// dcerpc2 interface rule options
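Review bot: The added framework includes are out of alphabetical order: `framework/module.h` precedes `framework/ips_option.h`, whereas the opnum and stub_data rule-option sections of this commit list `ips_option.h` first. Swapping them to `#include "framework/ips_option.h"` followed by `#include "framework/module.h"` keeps the sorted grouping the rest of the change establishes. `framework/parameter.h` is also dropped here; if parameter types are still used below the hunk, they presumably arrive through `framework/module.h`, which is worth confirming.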
// ips_dce_opnum.cc author Maya Dagon <mdagon@cisco.com>
// based on work by Todd Wease
-#include "dce_utils.h"
-#include "dce_common.h"
-
+#include "detection/detection_defines.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "framework/parameter.h"
-#include "detection/detection_defines.h"
-#include "hash/sfhashfcn.h"
#include "profiler/profiler.h"
-#include "protocols/packet.h"
#include "utils/util.h"
-#include "log/messages.h"
+
+#include "dce_common.h"
//-------------------------------------------------------------------------
// dcerpc2 opnum rule options
// ips_dce_stub_data.cc author Maya Dagon <mdagon@cisco.com>
// based on work by Todd Wease
-#include "dce_common.h"
-
#include "detection/detection_defines.h"
#include "framework/cursor.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "hash/sfhashfcn.h"
-#include "protocols/packet.h"
#include "profiler/profiler.h"
+#include "dce_common.h"
+
#define s_name "dce_stub_data"
#define s_help \
"sets the cursor to dcerpc stub data"